Merge branch '4.2'

nicolas-grekas · nicolas-grekas · commit fd31f7cd25a5 · 2019-02-23T16:22:31.000+01:00
* 4.2: (26 commits)
  Apply php-cs-fixer rule for array_key_exists()
  [Cache] fix warming up cache.system and apcu
  [Security] Change FormAuthenticator if condition
  handles multi-byte characters in autocomplete
  speed up tests running them without debug flag
  [Translations] added missing Croatian validators
  Fix getItems() performance issue with RedisCluster (php-redis)
  [VarDumper] Keep a ref to objects to ensure their handle cannot be reused while cloning
  IntegerType: reject submitted non-integer numbers
  be keen to newcomers
  [HttpKernel] Fix possible infinite loop of exceptions
  fixed CS
  [Validator] Added missing translations for Afrikaans
  do not validate non-submitted form fields in PATCH requests
  Update usage example in ArrayInput doc block.
  [Console] Prevent ArgvInput::getFirstArgument() from returning an option value
  [Validator] Fixed duplicate UUID
  fixed CS
  [EventDispatcher] Fix unknown priority
  Avoid mutating the Finder when building the iterator
  ...
diff --git a/Core/Authentication/Token/AbstractToken.php b/Core/Authentication/Token/AbstractToken.php
@@ -225,7 +225,7 @@ public function setAttributes(array $attributes)
      */
     public function hasAttribute($name)
     {
-        return array_key_exists($name, $this->attributes);
+        return \array_key_exists($name, $this->attributes);
     }
 
     /**
@@ -239,7 +239,7 @@ public function hasAttribute($name)
      */
     public function getAttribute($name)
     {
-        if (!array_key_exists($name, $this->attributes)) {
+        if (!\array_key_exists($name, $this->attributes)) {
             throw new \InvalidArgumentException(sprintf('This token has no "%s" attribute.', $name));
         }
 
diff --git a/Core/Authorization/AccessDecisionManager.php b/Core/Authorization/AccessDecisionManager.php
@@ -42,7 +42,7 @@ class AccessDecisionManager implements AccessDecisionManagerInterface
     public function __construct(iterable $voters = [], string $strategy = self::STRATEGY_AFFIRMATIVE, bool $allowIfAllAbstainDecisions = false, bool $allowIfEqualGrantedDeniedDecisions = true)
     {
         $strategyMethod = 'decide'.ucfirst($strategy);
-        if (!\is_callable([$this, $strategyMethod])) {
+        if ('' === $strategy || !\is_callable([$this, $strategyMethod])) {
             throw new \InvalidArgumentException(sprintf('The strategy "%s" is not supported.', $strategy));
         }
 
diff --git a/Core/Encoder/EncoderFactory.php b/Core/Encoder/EncoderFactory.php
@@ -33,7 +33,7 @@ public function getEncoder($user)
         $encoderKey = null;
 
         if ($user instanceof EncoderAwareInterface && (null !== $encoderName = $user->getEncoderName())) {
-            if (!array_key_exists($encoderName, $this->encoders)) {
+            if (!\array_key_exists($encoderName, $this->encoders)) {
                 throw new \RuntimeException(sprintf('The encoder "%s" was not configured.', $encoderName));
             }
 
diff --git a/Http/Firewall/SimpleFormAuthenticationListener.php b/Http/Firewall/SimpleFormAuthenticationListener.php
@@ -97,7 +97,7 @@ protected function attemptAuthentication(Request $request)
             $password = ParameterBagUtils::getRequestParameterValue($request, $this->options['password_parameter']);
         }
 
-        if (!\is_string($username) || (\is_object($username) && !\method_exists($username, '__toString'))) {
+        if (!\is_string($username) && (!\is_object($username) || !\method_exists($username, '__toString'))) {
             throw new BadRequestHttpException(sprintf('The key "%s" must be a string, "%s" given.', $this->options['username_parameter'], \gettype($username)));
         }
 
diff --git a/Http/Firewall/UsernamePasswordFormAuthenticationListener.php b/Http/Firewall/UsernamePasswordFormAuthenticationListener.php
@@ -85,7 +85,7 @@ protected function attemptAuthentication(Request $request)
             $password = ParameterBagUtils::getRequestParameterValue($request, $this->options['password_parameter']);
         }
 
-        if (!\is_string($username) || (\is_object($username) && !\method_exists($username, '__toString'))) {
+        if (!\is_string($username) && (!\is_object($username) || !\method_exists($username, '__toString'))) {
             throw new BadRequestHttpException(sprintf('The key "%s" must be a string, "%s" given.', $this->options['username_parameter'], \gettype($username)));
         }
 
diff --git a/Http/Tests/Firewall/UsernamePasswordFormAuthenticationListenerTest.php b/Http/Tests/Firewall/UsernamePasswordFormAuthenticationListenerTest.php
@@ -81,7 +81,7 @@ public function testHandleWhenUsernameLength($username, $ok)
      * @expectedException \Symfony\Component\HttpKernel\Exception\BadRequestHttpException
      * @expectedExceptionMessage The key "_username" must be a string, "array" given.
      */
-    public function testHandleNonStringUsername($postOnly)
+    public function testHandleNonStringUsernameWithArray($postOnly)
     {
         $request = Request::create('/login_check', 'POST', ['_username' => []]);
         $request->setSession($this->getMockBuilder('Symfony\Component\HttpFoundation\Session\SessionInterface')->getMock());
@@ -99,6 +99,79 @@ public function testHandleNonStringUsername($postOnly)
         $listener->handle($event);
     }
 
+    /**
+     * @dataProvider postOnlyDataProvider
+     * @expectedException \Symfony\Component\HttpKernel\Exception\BadRequestHttpException
+     * @expectedExceptionMessage The key "_username" must be a string, "integer" given.
+     */
+    public function testHandleNonStringUsernameWithInt($postOnly)
+    {
+        $request = Request::create('/login_check', 'POST', ['_username' => 42]);
+        $request->setSession($this->getMockBuilder('Symfony\Component\HttpFoundation\Session\SessionInterface')->getMock());
+        $listener = new UsernamePasswordFormAuthenticationListener(
+            new TokenStorage(),
+            $this->getMockBuilder('Symfony\Component\Security\Core\Authentication\AuthenticationManagerInterface')->getMock(),
+            new SessionAuthenticationStrategy(SessionAuthenticationStrategy::NONE),
+            $httpUtils = new HttpUtils(),
+            'foo',
+            new DefaultAuthenticationSuccessHandler($httpUtils),
+            new DefaultAuthenticationFailureHandler($this->getMockBuilder('Symfony\Component\HttpKernel\HttpKernelInterface')->getMock(), $httpUtils),
+            ['require_previous_session' => false, 'post_only' => $postOnly]
+        );
+        $event = new GetResponseEvent($this->getMockBuilder('Symfony\Component\HttpKernel\HttpKernelInterface')->getMock(), $request, HttpKernelInterface::MASTER_REQUEST);
+        $listener->handle($event);
+    }
+
+    /**
+     * @dataProvider postOnlyDataProvider
+     * @expectedException \Symfony\Component\HttpKernel\Exception\BadRequestHttpException
+     * @expectedExceptionMessage The key "_username" must be a string, "object" given.
+     */
+    public function testHandleNonStringUsernameWithObject($postOnly)
+    {
+        $request = Request::create('/login_check', 'POST', ['_username' => new \stdClass()]);
+        $request->setSession($this->getMockBuilder('Symfony\Component\HttpFoundation\Session\SessionInterface')->getMock());
+        $listener = new UsernamePasswordFormAuthenticationListener(
+            new TokenStorage(),
+            $this->getMockBuilder('Symfony\Component\Security\Core\Authentication\AuthenticationManagerInterface')->getMock(),
+            new SessionAuthenticationStrategy(SessionAuthenticationStrategy::NONE),
+            $httpUtils = new HttpUtils(),
+            'foo',
+            new DefaultAuthenticationSuccessHandler($httpUtils),
+            new DefaultAuthenticationFailureHandler($this->getMockBuilder('Symfony\Component\HttpKernel\HttpKernelInterface')->getMock(), $httpUtils),
+            ['require_previous_session' => false, 'post_only' => $postOnly]
+        );
+        $event = new GetResponseEvent($this->getMockBuilder('Symfony\Component\HttpKernel\HttpKernelInterface')->getMock(), $request, HttpKernelInterface::MASTER_REQUEST);
+        $listener->handle($event);
+    }
+
+    /**
+     * @dataProvider postOnlyDataProvider
+     */
+    public function testHandleNonStringUsernameWith__toString($postOnly)
+    {
+        $usernameClass = $this->getMockBuilder(DummyUserClass::class)->getMock();
+        $usernameClass
+            ->expects($this->atLeastOnce())
+            ->method('__toString')
+            ->will($this->returnValue('someUsername'));
+
+        $request = Request::create('/login_check', 'POST', ['_username' => $usernameClass]);
+        $request->setSession($this->getMockBuilder('Symfony\Component\HttpFoundation\Session\SessionInterface')->getMock());
+        $listener = new UsernamePasswordFormAuthenticationListener(
+            new TokenStorage(),
+            $this->getMockBuilder('Symfony\Component\Security\Core\Authentication\AuthenticationManagerInterface')->getMock(),
+            new SessionAuthenticationStrategy(SessionAuthenticationStrategy::NONE),
+            $httpUtils = new HttpUtils(),
+            'foo',
+            new DefaultAuthenticationSuccessHandler($httpUtils),
+            new DefaultAuthenticationFailureHandler($this->getMockBuilder('Symfony\Component\HttpKernel\HttpKernelInterface')->getMock(), $httpUtils),
+            ['require_previous_session' => false, 'post_only' => $postOnly]
+        );
+        $event = new GetResponseEvent($this->getMockBuilder('Symfony\Component\HttpKernel\HttpKernelInterface')->getMock(), $request, HttpKernelInterface::MASTER_REQUEST);
+        $listener->handle($event);
+    }
+
     public function postOnlyDataProvider()
     {
         return [
@@ -115,3 +188,11 @@ public function getUsernameForLength()
         ];
     }
 }
+
+class DummyUserClass
+{
+    public function __toString()
+    {
+        return '';
+    }
+}

Original file line number	Diff line number	Diff line change
`@@ -225,7 +225,7 @@ public function setAttributes(array $attributes)`
`225`	`225`	`*/`
`226`	`226`	`public function hasAttribute($name)`
`227`	`227`	`{`
`228`		`- return array_key_exists($name, $this->attributes);`
	`228`	`+ return \array_key_exists($name, $this->attributes);`
`229`	`229`	`}`
`230`	`230`
`231`	`231`	`/**`
`@@ -239,7 +239,7 @@ public function hasAttribute($name)`
`239`	`239`	`*/`
`240`	`240`	`public function getAttribute($name)`
`241`	`241`	`{`
`242`		`- if (!array_key_exists($name, $this->attributes)) {`
	`242`	`+ if (!\array_key_exists($name, $this->attributes)) {`
`243`	`243`	`throw new \InvalidArgumentException(sprintf('This token has no "%s" attribute.', $name));`
`244`	`244`	`}`
`245`	`245`
Original file line number	Diff line number	Diff line change
`@@ -42,7 +42,7 @@ class AccessDecisionManager implements AccessDecisionManagerInterface`
`42`	`42`	`public function __construct(iterable $voters = [], string $strategy = self::STRATEGY_AFFIRMATIVE, bool $allowIfAllAbstainDecisions = false, bool $allowIfEqualGrantedDeniedDecisions = true)`
`43`	`43`	`{`
`44`	`44`	`$strategyMethod = 'decide'.ucfirst($strategy);`
`45`		`- if (!\is_callable([$this, $strategyMethod])) {`
	`45`	`+ if ('' === $strategy \|\| !\is_callable([$this, $strategyMethod])) {`
`46`	`46`	`throw new \InvalidArgumentException(sprintf('The strategy "%s" is not supported.', $strategy));`
`47`	`47`	`}`
`48`	`48`
Original file line number	Diff line number	Diff line change
`@@ -33,7 +33,7 @@ public function getEncoder($user)`
`33`	`33`	`$encoderKey = null;`
`34`	`34`
`35`	`35`	`if ($user instanceof EncoderAwareInterface && (null !== $encoderName = $user->getEncoderName())) {`
`36`		`- if (!array_key_exists($encoderName, $this->encoders)) {`
	`36`	`+ if (!\array_key_exists($encoderName, $this->encoders)) {`
`37`	`37`	`throw new \RuntimeException(sprintf('The encoder "%s" was not configured.', $encoderName));`
`38`	`38`	`}`
`39`	`39`
Original file line number	Diff line number	Diff line change
`@@ -97,7 +97,7 @@ protected function attemptAuthentication(Request $request)`
`97`	`97`	`$password = ParameterBagUtils::getRequestParameterValue($request, $this->options['password_parameter']);`
`98`	`98`	`}`
`99`	`99`
`100`		`- if (!\is_string($username) \|\| (\is_object($username) && !\method_exists($username, '__toString'))) {`
	`100`	`+ if (!\is_string($username) && (!\is_object($username) \|\| !\method_exists($username, '__toString'))) {`
`101`	`101`	`throw new BadRequestHttpException(sprintf('The key "%s" must be a string, "%s" given.', $this->options['username_parameter'], \gettype($username)));`
`102`	`102`	`}`
`103`	`103`
Original file line number	Diff line number	Diff line change
`@@ -85,7 +85,7 @@ protected function attemptAuthentication(Request $request)`
`85`	`85`	`$password = ParameterBagUtils::getRequestParameterValue($request, $this->options['password_parameter']);`
`86`	`86`	`}`
`87`	`87`
`88`		`- if (!\is_string($username) \|\| (\is_object($username) && !\method_exists($username, '__toString'))) {`
	`88`	`+ if (!\is_string($username) && (!\is_object($username) \|\| !\method_exists($username, '__toString'))) {`
`89`	`89`	`throw new BadRequestHttpException(sprintf('The key "%s" must be a string, "%s" given.', $this->options['username_parameter'], \gettype($username)));`
`90`	`90`	`}`
`91`	`91`